Binding default SSL profile leads to lack of Elliptic Curve Cryptography Cihpers
Article ID: CTX278843
Updated On:
Description
After enabled and bind default SSL profiles on Citrix ADC,
Elliptic Curve Cryptography ciphers may be disabled in SSL handshakes.
For example, if we enable and bind ns_default_ssl_profile_backend to an https monitor, and monitor bounds to a service,
ADC won't use any ECDH or ECDSA ciphers for SSL handshakes of this montior.
This may cause SSL handshake failure when backend server only supports ECDH and ECDSA Ciphers.
Environment
Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.
Resolution
Manually bind ECC curves to the SSL profile that need to support Elliptic Curve Cryptography ciphers
Problem Cause
Citrix ADC doesn't bind ECC curves to build-in SSL profiles in default settings, need manual configuration.Issue/Introduction
Citrix ADC doesn't bind ECC curves to build-in SSL profiles in default settings, need manual configuration
Additional Information
Was this article helpful?
Yes
No
Powered by
